The counterfeiting of pharmaceutical products is widely recognized as a major worldwide problem, with serious public health and economic consequences. In particular, users of pharmaceutical products need to know that drugs they have been prescribed have been made by the stated approved manufacturer. In addition, users need correct expiry dates for the drugs and need to have full confidence that the drugs are correct.
The drug manufacturers also wish to ensure that users have obtained the correct drugs, but additionally aim to ensure that their drugs are not re-sold into different markets.
Various measures have been proposed to address these issues. One approach involves providing the drug packaging with some form of data storage device. The data stored enables a user to obtain data from the packaging and perform a verification operation with the drug manufacturer.
A number of different approaches have been proposed using radio frequency identification (RFID) devices.
Roger Johnston of the “Vulnerability Assessment Team” at Los Alamos National Laboratory has proposed an anti-counterfeiting approach which has been called a “Call-In the Numeric Token” method. In this proposal, a passive RFID device is provided as part of the pharmaceutical product packaging, and this device stores a unique identification number. The pharmaceutical manufacturer maintains a database of these numbers. When a user wishes to verify the authenticity of a particular drug, the identification number is provided to the pharmaceutical manufacturer either by telephone or using a web based service.
The identification number is selected at random, and the implementation proposed generates at least one thousand times more invalid identification numbers than actual valid identification numbers within a given lot. The user simply verifies with the manufacturer that the identification number is a valid number, and this provides the verification that it is highly probably that the product is from a genuine source.
Records are kept of the verifications that have been carried out, so that multiple verifications of the same identification number can be detected. This suggests that counterfeiting is taking place, and action can then be taken.
Another system has been proposed by Texas Instruments, which again uses RFID devices. In this approach, a digital signature is generated and provided in the device memory. The digitally signed information is a function (for example a hash function) of the RFID device identification number and a product manufacturer identifier. The verification procedure involves performing the same hash function on the device identification number and the product manufacturer identification number (which are obtained from the RFID device) and verifying that the result of the hash function is the same as the digitally signed version, which is obtained by applying the public key of the manufacturer. This approach enables off-line verification of the authenticity.